diff options
| author | osmarks <me@osmarks.net> | 2024-08-04 17:05:10 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-08-04 18:05:10 +0200 |
| commit | 37c31eeae0bdaad6ea6b6038459b0553115f7e2e (patch) | |
| tree | aed3b998e9665d9f0e08f34fe5c80cbd918ea683 /doc | |
| parent | acf8409c60ccc96beed0a1f990c4f9374823c0ce (diff) | |
| download | ngircd-37c31eeae0bdaad6ea6b6038459b0553115f7e2e.tar.gz ngircd-37c31eeae0bdaad6ea6b6038459b0553115f7e2e.zip | |
Update documentation on CAFile
ngIRCd 27 now checks server certificates, and without `CAFile` set will reject all server/server connections with a confusing error. Update documentation to say that `CAFile` is needed to accept incoming server connections. Closes #320.
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/SSL.md | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/doc/SSL.md b/doc/SSL.md index a2e029b2..c457e60e 100644 --- a/doc/SSL.md +++ b/doc/SSL.md @@ -26,7 +26,7 @@ SSL-encrypted connections and plain-text connects can't run on the same network port (which is a limitation of the IRC protocol); therefore you have to define separate port(s) in your `[SSL]` block in the configuration file. -A minimal configuration for *accepting* SSL-encrypted client & server +A minimal configuration for *accepting* SSL-encrypted client connections looks like this: ``` ini @@ -36,11 +36,12 @@ KeyFile = /etc/ssl/certs/my-privkey.pem Ports = 6697, 6698 ``` -In this case, the server only deals with *incoming* connections and never has to -validate SSL certificates itself, and therefore no "Certificate Authorities" are -needed. +In this case, the server only deals with unauthenticated incoming +connections and never has to validate SSL certificates itself, and therefore +no "Certificate Authorities" are needed. -If you want to use *outgoing* SSL-connections to other servers, you need to add: +If you want to use *outgoing* SSL-connections to other servers or accept +incoming *server* connections, you need to add: ``` ini [SSL] |